'''
wordtoexeccomments.py

Copyright 2009 Xavier Mendez Navarro aka Javi

This file is part of pysqlin

pysqlin is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation version 2 of the License.

pysqlin is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with pysqlin; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
'''

from framework.interfaces import IFilter
from framework.baseclass import BFilter

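class WordToExecComm(IFilter, BFilter):
    '''
    Query filter that wraps every word of a request in a MySQL
    "/*! ... */" comment.

    MySQL executes the text inside "/*! ... */", while a parser that treats
    it as an ordinary comment skips it. Defensive note: anything inspecting
    queries (WAF rules, log signatures, input filters) has to normalise these
    executable comments before keyword matching, otherwise the text it checks
    differs from the statement the server runs.
    '''

    def name(self):
        '''Return the identifier of this filter.'''
        return 'WordToExecComm'

    def summary(self):
        '''Return the one-line description, including the reference URL.'''
        return "Replaces word with /*! word */.See: http://ptresearch.blogspot.com/2009/11/another-fine-method-to-exploit-sql.html"

    def priority(self):
        '''Return the numeric priority (79); how it is ordered is decided by the framework.'''
        return 79

    def database(self):
        '''Return the tuple of database engines this filter applies to (MySQL only).'''
        return ('mysql',)

    def type(self):
        '''Return the tuple of filter kinds; this one acts on database queries.'''
        return (IFilter.DB_QUERY,)

    def transform(self, request):
        '''
        Return `request` with each whitespace-separated word wrapped as
        "/*! word */".

        The original whitespace between words is dropped: the wrapped words
        are concatenated directly. An empty or whitespace-only request
        yields an empty string.
        '''
        # The body was previously indented with tabs under a space-indented
        # "def", which Python 3 rejects with TabError; it also rebound the
        # builtin name "str" and built the result by repeated concatenation.
        return ''.join('/*! ' + word + ' */' for word in request.split())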

def load(api):
    '''
    Plugin entry point: build and return a new WordToExecComm filter.

    `api` is accepted as part of the loader signature but is not used here.
    '''
    filter_instance = WordToExecComm()
    return filter_instance
